gistfile1.txt

rdj:cf3dcsunix silkey$ svn st
X       trunk/common
X       trunk/inputs/common
X       trunk/inputs/core
M       trunk/inputs/dcsunix/classes.cf
M       trunk/inputs/dcsunix/main.cf
M       trunk/dcsunix/linux/pub/etc/sudoers

Performing status on external item at 'trunk/inputs/core'

Performing status on external item at 'trunk/inputs/common'

Performing status on external item at 'trunk/common'
rdj:cf3dcsunix silkey$ svn di
Index: trunk/inputs/dcsunix/classes.cf
===================================================================
--- trunk/inputs/dcsunix/classes.cf	(revision 694)
+++ trunk/inputs/dcsunix/classes.cf	(working copy)
@@ -120,7 +120,8 @@
     "satellite",
     "Svn",
     "vm_emlprddns_01",
-    "wordPressApp"
+    "wordPressApp",
+    "localDev"
   };
 
 
Index: trunk/inputs/dcsunix/main.cf
===================================================================
--- trunk/inputs/dcsunix/main.cf	(revision 694)
+++ trunk/inputs/dcsunix/main.cf	(working copy)
@@ -296,7 +296,9 @@
 
 ### edit_line (editfiles) promises
 
-  linux.!(mr|po|Omr)::
+  linux.!(mr|po|Omr|localDev)::
+  # Exempt localDev from aliases since we dont want dcsunix@ littered with spray
+  # from tosser virtual machines.
 
     "/etc/aliases"
       edit_line     => append_if_no_such_line("root:dcsunix@yale.edu"),
@@ -405,12 +407,18 @@
       classes   => if_repaired("sendmail_restart"),
       action    => actionsettings_fix_inform("inform");
  
+  linux.!localDev::
+  # Exempt localDev from cf3 cron runs.  We want cf-agent to be run on-demand, with classes
+  # specified interactively much like roles @ chef-solo runs.
+
     "/etc/cron.d/cfengine3"
       copy_from => copy_std("$(linux)/etc/cron.d/cfengine3",
         "@(fileserver)", "false", "false"),
       perms     => mode_owner_group("0444", "root", "root"),
       action    => actionsettings_fix_inform("inform");
 
+  linux::
+
     "/usr/local/bin/procallator.pl"
       copy_from => copy_std("$(linux)/usr/local/bin/procallator.pl", 
         "@(fileserver)", "false", "timestamp"),
@@ -481,7 +489,9 @@
       perms     => mode_owner_group("0444", "root", "root"),
       action    => actionsettings_fix_inform("inform");
 
-  linux.!(loghosts|mr|po|horde|Directory|redhat_s_6)::
+  linux.!(loghosts|mr|po|horde|Directory|redhat_s_6|localDev)::
+  # Exempt localDev from syslog copy.  We likely cant get there anyway.
+  # And we dont want to pollute swatch reports, etc.
 
     "/etc/syslog.conf"
       copy_from => copy_std("$(linux)/etc/syslog.conf",
@@ -490,7 +500,9 @@
       perms     => mode_owner_group("0444", "root", "root"),
       action    => actionsettings_fix_inform("inform");
 
-  redhat_s_6::
+  redhat_s_6.!localDev::
+  # Exempt localDev from rsyslog copy.  We likely cant get there anyway.
+  # And we dont want to pollute swatch reports, etc.
 
     "/etc/rsyslog.conf"
       copy_from => copy_std("$(linux)/etc/rsyslog.conf",
Index: trunk/dcsunix/linux/pub/etc/sudoers
===================================================================
--- trunk/dcsunix/linux/pub/etc/sudoers	(revision 694)
+++ trunk/dcsunix/linux/pub/etc/sudoers	(working copy)
@@ -19,6 +19,18 @@
 # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
 
 # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
+# Allows nesting in sudo >= 1.7.2. Its a no-op for older versions.
+# We do this so things like localDev can have a priv lifeboat
+# without specifying the priv explicitly in monolithic sudoers.
+#
+# Example: 
+# echo "vagrant        ALL=(ALL)       NOPASSWD: ALL" >> /etc/sudoers.d/vagrant
+#
+# This looks commented, yes, but its not. man 5 sudoers + no toque!
+#includedir /etc/sudoers.d
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
+
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
 User_Alias DCSUNIX = jcoleman,cf322,mac256,kr85,rs253,jg685
 User_Alias UNIXSYS = mrd25,ww26,rjh27,ra359,jdf42,bouton
 User_Alias ORACLE_DBA = ap349,ds292,boeher,fl63,vl24,nm64,kad36,ww236
rdj:cf3dcsunix silkey$ 

RIP urrrbody.